SOC Engineer

Own 24×7 SOC operations with deep expertise in log analysis and forensics. Lead detection engineering, incident handling, evidence management, and continuous improvement across people, process, and tooling.

• Direct SOC operations: shift hygiene, SLA tracking, stakeholder comms, executive updates.
• Detection engineering and content tuning (KQL/Elastic
  
  QL/Sigma/SPL) for EDR, identity, email, and cloud.
• Lead high-severity incidents: scoping, containment, eradication, recovery, PIRs with actionable actions.
• Forensics & Evidence: acquisition (disk/mem/logs), chain-of-custody, timeline/triage, data integrity (hashing).
• Purple teaming, tabletop exercises, attack simulations; ATT&CK mapping and coverage metrics.
• Hiring, mentoring, and career development for analysts; run training and certifications plan.

• Hands‑on with SIEM (Elastic/Splunk/Chronicle) and EDR/XDR (Sentinel One/Crowd Strike), email security, and cloud telemetry.
• Proficient in log analysis, correlation, and anomaly detection; comfortable with PCAP and memory triage tools.
• Strong knowledge of IR frameworks (NIST/ISO), evidence handling, and reporting to exec/board audiences.
• Excellent verbal and written communication under pressure.

• Experience in regulated environments (fintech/edtech); knowledge of ISO 27001/27701, DPDP, RBI directions.
• SOAR design/maintenance; malware analysis fundamentals.

• MTTD/MTTR, detection coverage & false-positive rate, PIR action closure, readiness drill scores, stakeholder satisfaction.